Configuration Command Reference Guide
configure authority
Authority configuration is the top-most level in the SSR configuration hierarchy.
Subcommands
| command | description |
|---|---|
access-management | Role Based Access Control (RBAC) configuration. |
alarm-shelving | Configuration to control alarm shelving behavior. |
anti-virus-profile | User defined Anti-Virus profiles. |
asset-connection-resiliency | Configure Asset Connection Resiliency |
backwards-compatible-vrf-bgp-tenants | When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3 |
bgp-service-generation | Configure Bgp Service Generation |
certificate-revocation | Certificate revocation list with CRL details. |
cli-messages | Configure Cli Messages |
client-certificate | The client-certificate configuration contains client certificate content. |
clone | Clone a list item |
conductor-address | IP address or FQDN of the conductor |
currency | Local monetary unit. |
delete | Delete configuration data |
district | Districts in the authority. |
dscp-map | Configure Dscp Map |
dynamic-hostname | Hostname format for interfaces with dynamic addresses. It is a template with subsitution variables used to generate a unique hostname corresponding to Network Interfaces that have dynamically learned IP addresses. Uses the following substitution variables: {interface-id} for Network Interface Global Identifier, {router-name} for Router Name, {authority-name} for Authority Name. For example, interface-\{interface-id\}.\{router-name\}.\{authority-name\}. |
enhanced-security-key-management | Use certificate-based security key management. |
fib-service-match | When creating FIB entries by matching route updates to service addresses, consider the specified service addresses. |
forward-error-correction-profile | A profile for Forward Error Correection parameters, describing how often to send parity packets. |
icmp-control | Settings for ICMP packet handling |
idp-profile | User defined IDP profiles. |
ipfix-collector | Configuration for IPFIX record export. |
ipv4-option-filter | Configure Ipv 4 Option Filter |
ldap-server | LDAP Servers against which to authenticate user credentials. |
management-service-generation | Configure Management Service Generation |
metrics | Configuration for metrics collection. |
metrics-profile | A collection of metrics |
name | The identifier for the Authority. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
password-policy | Password policy for user's passwords. |
pcli | Configure the PCLI. |
performance-monitoring-profile | A performance monitoring profile used to determine how often packets should be marked. |
radius-server | Radius Servers against which to authenticate user credentials. |
rekey-interval | Hours between security key regeneration. Recommended value 24 hours. |
remote-login | Configure Remote Login |
resource-group | Collect objects into a management group. |
router | The router configuration element serves as a container for holding the nodes of a single deployed router, along with their policies. |
routing | authority level routing configuration |
security | The security elements represent security policies for governing how and when the SSR encrypts and/or authenticates packets. |
security-key-management | Configure Security Key Management |
service | The service configuration is where you define the services that reside within the authority's tenants as well as the policies to apply to those services. |
service-class | Defines the association between DSCP value and a priority queue. |
service-policy | A service policy, which defines parameters applied to services that reference the policy |
session-record-profile | A profile to describe how to collect session records. |
session-records | Configure Session Records |
session-recovery-detection | Configure Session Recovery Detection |
session-type | Type of session classification based on protocol and port, and associates it with a default class of service. |
show | Show configuration data for 'authority' |
software-access | Configuration for SSR software access for the authority. Supported on managed assets only. |
software-update | Configure Software Update |
step | Configure Step |
step-repo | List of Service and Topology Exchange Protocol repositories. |
syslog-policy | Configuration for syslog message generation. |
tenant | A customer or user group within the Authority. |
traffic-profile | A set of minimum guaranteed bandwidths, one for each traffic priority |
trusted-ca-certificate | The trusted-ca-certificate configuration contains CA certificate content. |
web-messages | Configure Web Messages |
web-theme | Configure Web Theme |
configure authority access-management
Role Based Access Control (RBAC) configuration.
Subcommands
| command | description |
|---|---|
clone | Clone a list item |
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
role | Configure Role |
show | Show configuration data for 'access-management' |
token | Configuration for HTTP authentication token generation. |
configure authority access-management role
Configure Role
Usage
configure authority access-management role <name>
Positional Arguments
| name | description |
|---|---|
| name | A unique name that identifies this role. |
Subcommands
| command | description |
|---|---|
capability | The capabilities that this user will be granted. |
clone | Clone a list item |
delete | Delete configuration data |
description | A description about the role. |
exclude-resource | Exclude a resource from being associated with this role. |
name | A unique name that identifies this role. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource | Associate this role with a resource. |
resource-group | Associate this role with a top-level resource-group. |
show | Show configuration data for 'role' |
configure authority access-management role capability
The capabilities that this user will be granted.
Usage
configure authority access-management role capability [<identityref>]
Positional Arguments
| name | description |
|---|---|
| identityref | Value to add to this list |
Description
identityref
A value from a set of predefined names.
Options:
- config-read: Configuration Read Capability
- config-write: Configuration Write Capability
- provisioning: Asset Provisioning Capability
configure authority access-management role description
A description about the role.
Usage
configure authority access-management role description [<string>]
Positional Arguments
| name | description |
|---|---|
| string | The value to set for this field |
Description
string
A text value.
configure authority access-management role exclude-resource
Exclude a resource from being associated with this role.
Usage
configure authority access-management role exclude-resource <id>
Positional Arguments
| name | description |
|---|---|
| id | Configure Id |
Subcommands
| command | description |
|---|---|
id | Configure Id |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'exclude-resource' |
configure authority access-management role exclude-resource id
Configure Id
Usage
configure authority access-management role exclude-resource id [<resource-id>]
Positional Arguments
| name | description |
|---|---|
| resource-id | The value to set for this field |
Description
resource-id (string)
The identifier of the resource.
Must be either just a * asterisk or an identifier
followed by a colon which is then followed by either
an asterisk, or a path that contains only valid yang
names and list-keys separated by forward-slashes and
optionally followed by a forward-slash and an asterisk.
Example: SSR:/authority/router/MyRouter/*
configure authority access-management role name
A unique name that identifies this role.
Usage
configure authority access-management role name [<name-id>]
Positional Arguments
| name | description |
|---|---|
| name-id | The value to set for this field |
Description
name-id (string)
A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.
Must contain only alphanumeric characters or any of the following: _ - Length: 0-63
configure authority access-management role resource
Associate this role with a resource.
Usage
configure authority access-management role resource <id>
Positional Arguments
| name | description |
|---|---|
| id | Configure Id |
Subcommands
| command | description |
|---|---|
delete | Delete configuration data |
generated | Indicates whether or not the resource was automatically generated |
id | Configure Id |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'resource' |
configure authority access-management role resource generated
Indicates whether or not the resource was automatically generated
Usage
configure authority access-management role resource generated [<boolean>]
Positional Arguments
| name | description |
|---|---|
| boolean | The value to set for this field |
Description
boolean
A true or false value.
Options: true or false
configure authority access-management role resource id
Configure Id
Usage
configure authority access-management role resource id [<resource-id>]
Positional Arguments
| name | description |
|---|---|
| resource-id | The value to set for this field |
Description
resource-id (string)
The identifier of the resource.
Must be either just a * asterisk or an identifier
followed by a colon which is then followed by either
an asterisk, or a path that contains only valid yang
names and list-keys separated by forward-slashes and
optionally followed by a forward-slash and an asterisk.
Example: SSR:/authority/router/MyRouter/*
configure authority access-management role resource-group
Associate this role with a top-level resource-group.
Usage
configure authority access-management role resource-group [<resource-group-ref>]
Positional Arguments
| name | description |
|---|---|
| resource-group-ref | Value to add to this list |
Description
resource-group-ref (leafref)
This type is used by other entities that need to reference configured resource groups.
configure authority access-management token
Configuration for HTTP authentication token generation.
Subcommands
| command | description |
|---|---|
delete | Delete configuration data |
expiration | Minutes after initial authentication that the authentication token is valid. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'token' |
configure authority access-management token expiration
Minutes after initial authentication that the authentication token is valid.
Usage
configure authority access-management token expiration [<union>]
Positional Arguments
| name | description |
|---|---|
| union | The value to set for this field |
Description
Units: minutes
Default: never
union
A value that corresponds to one of its member types.
Must be one of the following types:
(0) uint64
An unsigned 64-bit integer.
Range: 1-18446744073709551615
(1) enumeration
A value from a set of predefined names.
Options:
- never: Never expire
configure authority alarm-shelving
Configuration to control alarm shelving behavior.
Subcommands
| command | description |
|---|---|
clone | Clone a list item |
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
shelf | Shelf configuration and criteria for classifying alarms as shelved. |
show | Show configuration data for 'alarm-shelving' |
configure authority alarm-shelving shelf
Shelf configuration and criteria for classifying alarms as shelved.
Usage
configure authority alarm-shelving shelf <name>
Positional Arguments
| name | description |
|---|---|
| name | An arbitrary name for the alarm shelf. |
Subcommands
| command | description |
|---|---|
applies-to | Logical group to which a configuration element applies |
category | Shelve alarms for this category. |
clone | Clone a list item |
delete | Delete configuration data |
generated | Indicates whether or not the Shelf was automatically generated as a result of Alarm Shelf generation. |
match-type | How the individual items in the shelf should be matched in order to trigger the shelving |
message-regex | Shelve alarms with messages that match this regex. |
name | An arbitrary name for the alarm shelf. |
node-name | Shelve alarms from this node. |
node-name-regex | Shelve alarms from nodes that match this regex. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
router-name | Shelve alarms from this router. |
router-name-regex | Shelve alarms from routers that match this regex. |
severity | Shelve alarms for this severity. |
show | Show configuration data for 'shelf' |
configure authority alarm-shelving shelf applies-to
Logical group to which a configuration element applies
Usage
configure authority alarm-shelving shelf applies-to <type>
Positional Arguments
| name | description |
|---|---|
| type | Type of group to which the configuration applies. |
Subcommands
| command | description |
|---|---|
delete | Delete configuration data |
group-name | Name of the router-group to which this configuration applies. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
resource-group | Name of the resource-group to which this configuration applies. |
router-name | Name of the router to which this configuration applies. |
show | Show configuration data for 'applies-to' |
type | Type of group to which the configuration applies. |
configure authority alarm-shelving shelf applies-to group-name
Name of the router-group to which this configuration applies.
Usage
configure authority alarm-shelving shelf applies-to group-name [<leafref>]
Positional Arguments
| name | description |
|---|---|
| leafref | Value to add to this list |
Description
leafref
A reference to an existing value in the instance data.
configure authority alarm-shelving shelf applies-to resource-group
Name of the resource-group to which this configuration applies.
Usage
configure authority alarm-shelving shelf applies-to resource-group [<resource-group-ref>]
Positional Arguments
| name | description |
|---|---|
| resource-group-ref | Value to add to this list |
Description
resource-group-ref (leafref)
This type is used by other entities that need to reference configured resource groups.
configure authority alarm-shelving shelf applies-to router-name
Name of the router to which this configuration applies.
Usage
configure authority alarm-shelving shelf applies-to router-name [<leafref>]
Positional Arguments
| name | description |
|---|---|
| leafref | Value to add to this list |
Description
leafref
A reference to an existing value in the instance data.
configure authority alarm-shelving shelf applies-to type
Type of group to which the configuration applies.
Usage
configure authority alarm-shelving shelf applies-to type [<enumeration>]
Positional Arguments
| name | description |
|---|---|
| enumeration | The value to set for this field |
Description
enumeration
A value from a set of predefined names.
Options:
- authority: Applies to all routers in the authority.
- router: Router(s) to which the configuration applies.
- router-group: Logical group of router(s) to which the configuration applies.
- resource-group: An RBAC management group to which the configuration applies
configure authority alarm-shelving shelf category
Shelve alarms for this category.
Usage
configure authority alarm-shelving shelf category [<enumeration>]
Positional Arguments
| name | description |
|---|---|
| enumeration | The value to set for this field |
Description
Default: none
enumeration
A value from a set of predefined names.
Options:
- none: A Category of "none" indicates that Category will not be considered when evaluating alarms against this shelf
- extensible-alarm: Shelve alarms with a category of "extensible-alarm"
- system: Shelve alarms with a category of "system"
- process: Shelve alarms with a category of "process"
- interface: Shelve alarms with a category of "interface"
- platform: Shelve alarms with a category of "platform"
- peer: Shelve alarms with a category of "peer"
- base: Shelve alarms with a category of "base"
- node-base: Shelve alarms with a category of "node-base"
- global-base: Shelve alarms with a category of "global-base"
- network-interface: Shelve alarms with a category of "network-interface"
- platform-stat: Shelve alarms with a category of "platform-stat"
- redundancy: Shelve alarms with a category of "redundancy"
- giid: Shelve alarms with a category of "giid"
- asset: Shelve alarms with a category of "asset"
- prefix-delegation: Shelve alarms with a category of "prefix-delegation"
- service: Shelve alarms with a category of "service"
- bgp-neighbor: Shelve alarms with a category of "bgp-neighbor"
- msdp-neighbor: Shelve alarms with a category of "msdp-neighbor"
configure authority alarm-shelving shelf generated
Indicates whether or not the Shelf was automatically generated as a result of Alarm Shelf generation.
Usage
configure authority alarm-shelving shelf generated [<boolean>]
Positional Arguments
| name | description |
|---|---|
| boolean | The value to set for this field |
Description
boolean
A true or false value.
Options: true or false
configure authority alarm-shelving shelf match-type
How the individual items in the shelf should be matched in order to trigger the shelving
Usage
configure authority alarm-shelving shelf match-type [<enumeration>]
Positional Arguments
| name | description |
|---|---|
| enumeration | The value to set for this field |
Description
Default: all
enumeration
A value from a set of predefined names.
Options:
- all: All items in the shelf must match an alarm in order to trigger the shelving.
- any: At least one item in the shelf must match an alarm in order to trigger the shelving
configure authority alarm-shelving shelf message-regex
Shelve alarms with messages that match this regex.
Usage
configure authority alarm-shelving shelf message-regex [<regex>]
Positional Arguments
| name | description |
|---|---|
| regex | The value to set for this field |
Description
regex (string)
A regular expression (regex) type.
configure authority alarm-shelving shelf name
An arbitrary name for the alarm shelf.
Usage
configure authority alarm-shelving shelf name [<string>]
Positional Arguments
| name | description |
|---|---|
| string | The value to set for this field |
Description
string
A text value.
configure authority alarm-shelving shelf node-name
Shelve alarms from this node.
Usage
configure authority alarm-shelving shelf node-name [<string>]
Positional Arguments
| name | description |
|---|---|
| string | The value to set for this field |
Description
string
A text value.
configure authority alarm-shelving shelf node-name-regex
Shelve alarms from nodes that match this regex.
Usage
configure authority alarm-shelving shelf node-name-regex [<regex>]
Positional Arguments
| name | description |
|---|---|
| regex | The value to set for this field |
Description
regex (string)
A regular expression (regex) type.
configure authority alarm-shelving shelf router-name
Shelve alarms from this router.
Usage
configure authority alarm-shelving shelf router-name [<string>]
Positional Arguments
| name | description |
|---|---|
| string | The value to set for this field |
Description
string
A text value.
configure authority alarm-shelving shelf router-name-regex
Shelve alarms from routers that match this regex.
Usage
configure authority alarm-shelving shelf router-name-regex [<regex>]
Positional Arguments
| name | description |
|---|---|
| regex | The value to set for this field |
Description
regex (string)
A regular expression (regex) type.
configure authority alarm-shelving shelf severity
Shelve alarms for this severity.
Usage
configure authority alarm-shelving shelf severity [<enumeration>]
Positional Arguments
| name | description |
|---|---|
| enumeration | The value to set for this field |
Description
Default: none
enumeration
A value from a set of predefined names.
Options:
- info: Shelve alarms with a severity level of "info"
- minor: Shelve alarms with a severity level of "minor"
- major: Shelve alarms with a severity level of "major"
- critical: Shelve alarms with a severity level of "critical"
- none: A Severity of "none" indicates that Severity will not be considered when evaluating alarms against this shelf
configure authority anti-virus-profile
User defined Anti-Virus profiles.
Usage
configure authority anti-virus-profile <name>
Positional Arguments
| name | description |
|---|---|
| name | Name of the profile. |
Subcommands
| command | description |
|---|---|
delete | Delete configuration data |
fallback-option | Defines what action the system should take for the match. |
max-filesize | Configure Max Filesize |
mime-allowlist | MIME patterns for allowing |
name | Name of the profile. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
protocol | Defines protocols to allow. |
show | Show configuration data for 'anti-virus-profile' |
url-allowlist | URL patterns for allowing |
configure authority anti-virus-profile fallback-option
Defines what action the system should take for the match.
Usage
configure authority anti-virus-profile fallback-option [<enumeration>]
Positional Arguments
| name | description |
|---|---|
| enumeration | The value to set for this field |
Description
Default: log-and-permit
enumeration
A value from a set of predefined names.
Options:
- permit: Permit content size.
- log-and-permit: Log and Permit content size.
- block: Block content size.
configure authority anti-virus-profile max-filesize
Configure Max Filesize
Usage
configure authority anti-virus-profile max-filesize [<uint64>]
Positional Arguments
| name | description |
|---|---|
| uint64 | The value to set for this field |
Description
Default: 10000
uint64
An unsigned 64-bit integer.
configure authority anti-virus-profile mime-allowlist
MIME patterns for allowing
Usage
configure authority anti-virus-profile mime-allowlist [<string>]
Positional Arguments
| name | description |
|---|---|
| string | Value to add to this list |
Description
string
A text value.
configure authority anti-virus-profile name
Name of the profile.
Usage
configure authority anti-virus-profile name [<name-id>]
Positional Arguments
| name | description |
|---|---|
| name-id | The value to set for this field |
Description
name-id (string)
A string identifier which only uses alphanumerics, underscores, or dashes, and cannot exceed 63 characters.
Must contain only alphanumeric characters or any of the following: _ - Anti-Virus profile name (default-policy|no-ftp|http-only|none) is reserved. Length: 0-20
configure authority anti-virus-profile protocol
Defines protocols to allow.
Usage
configure authority anti-virus-profile protocol [<enumeration>]
Positional Arguments
| name | description |
|---|---|
| enumeration | Value to add to this list |
Description
enumeration
A value from a set of predefined names.
Options:
- http: Allow HTTP protocol.
- smtp: Allow SMTP protocol.
- pop3: Allow POP3 protocol.
- imap: Allow IMAP protocol.
- ftp: Allow FTP protocol.
configure authority anti-virus-profile url-allowlist
URL patterns for allowing
Usage
configure authority anti-virus-profile url-allowlist [<string>]
Positional Arguments
| name | description |
|---|---|
| string | Value to add to this list |
Description
string
A text value.
configure authority asset-connection-resiliency
Configure Asset Connection Resiliency
Subcommands
| command | description |
|---|---|
delete | Delete configuration data |
enabled | Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor. |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
show | Show configuration data for 'asset-connection-resiliency' |
ssh-only | Only allow the asset connections from managed Router to Conductor to connect via the SSH tunnels. |
configure authority asset-connection-resiliency enabled
Enable asset connection resiliency by creating SSH tunnels for asset connections from managed Router to Conductor.
Usage
configure authority asset-connection-resiliency enabled [<boolean>]
Positional Arguments
| name | description |
|---|---|
| boolean | The value to set for this field |
Description
Default: true
boolean
A true or false value.
Options: true or false
configure authority asset-connection-resiliency ssh-only
Only allow the asset connections from managed Router to Conductor to connect via the SSH tunnels.
Usage
configure authority asset-connection-resiliency ssh-only [<boolean>]
Positional Arguments
| name | description |
|---|---|
| boolean | The value to set for this field |
Description
Default: false
boolean
A true or false value.
Options: true or false
configure authority backwards-compatible-vrf-bgp-tenants
When generating tenant names for VRF BGP over SVR, do not use leading or trailing underscores. This enables backwards compatibility with router versions smaller than 5.1.3
Usage
configure authority backwards-compatible-vrf-bgp-tenants [<boolean>]
Positional Arguments
| name | description |
|---|---|
| boolean | The value to set for this field |
Description
Default: false
boolean
A true or false value.
Options: true or false
configure authority bgp-service-generation
Configure Bgp Service Generation
Subcommands
| command | description |
|---|---|
delete | Delete configuration data |
override-generated | Force auto-generated configuration and any modifications to it to persist on commit |
route-reflector-client-mesh | Generate service-route mesh for route reflector clients. |
security-policy | Security policy to be used instead of 'internal'. |
service-policy | Service policy to be used for generated BGP services. |
show | Show configuration data for 'bgp-service-generation' |
configure authority bgp-service-generation route-reflector-client-mesh
Generate service-route mesh for route reflector clients.
Usage
configure authority bgp-service-generation route-reflector-client-mesh [<boolean>]
Positional Arguments
| name | description |
|---|---|
| boolean | The value to set for this field |
Description
Default: false
boolean
A true or false value.
Options: true or false
configure authority bgp-service-generation security-policy
Security policy to be used instead of 'internal'.